JP5107247B2 - Automatic deployment, maintenance, and information logging of custom access point names in packet-based mobile cellular networks - Google Patents

Description

  Over the past decade, the number of mobile service subscribers has increased dramatically. As mobile devices have grown in popularity, the underlying technology that enables mobile communications has evolved as well. Mobile devices have evolved from analog transmissions used in the first mobile telephones to digital transmissions used by a wide variety of mobile communication devices today. The big boom in mobile communications can be traced back to the early 1980s, when analog mobile phone service (AMPS), also known as first generation (1G), was the mainstream technology. Over time, mobile communication technology has evolved from analog to digital with the advent of two competing technologies: Time Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA). Leaping into cellular technology. Digital transmission can accommodate more communications in the same amount of radio frequency band. As a result, digital technologies such as TDMA and CDMA lay the foundation for services that go beyond simple voice telephony and enable the prosperity of data services such as Internet access, text messaging, and image sharing.

  The use of digital networks by mobile communication devices involves a wide range of technologies. Data may be converted to a wide variety of formats while being transmitted to its final destination. For example, GSM (Global System for Mobile Communications) is now a well-known standard for mobile communications. GSM differs greatly from its prior art in that both signaling and call channels are digital, which means that GSM is considered a second generation (2G) mobile device system. Data communication was incorporated into the GSM standard from an early age. GSM is an open standard and is currently being developed by the 3rd Generation Partnership Project (3GPP).

  In 1997, packet data capabilities were added to the GSM standard by General Packet Radio Service (GPRS). Faster data transmission was also introduced into the 1999 standard by EDGE (Enhanced Data rates for GSM Evolution). GPRS is a mobile data service available to users of GSM mobile devices. It is often described as “2.5 generation”, ie a technology between the second generation (2G) and the third generation (3G) of mobile communications. It provides a moderate data transmission rate using a TDMA channel that is not used in a GSM network.

  GPRS is different from the older circuit switched data (CSD) connections included in pre-1997 versions of the GSM standard. In older systems, the data connection established a line and reserved the entire bandwidth of the line for the duration of the connection. GPRS is packet switching, which means that multiple users share the same transmission channel and transmit only when there is transmission data. Web browsing, receipt of email upon arrival, and instant messaging are examples of uses that require intermittent data transfer, and benefit from sharing available bandwidth.

  Regardless of the transmission protocol used by a particular mobile device, whether it is voice, data, or other, modem transmissions are probably transmitted over the digital network for at least some portion of the journey to the final destination. In modern mobile communication systems, data from mobile devices can be transmitted via a digital network such as the Internet. However, any data transmitted over a digital network must be sent through a properly packaged and formatted and properly provisioned digital device. Using a digital network for data transmission generally involves placing data, eg, outgoing data from a mobile device, on the digital network. The data is then sent to the destination via the digital network and finally retrieved from the digital network and captured by the recipient.

  For example, consider transmission performed by a mobile phone. The signal is transmitted from the mobile phone to the receiving antenna. The data indicated by the signal may be transmitted from the receiving antenna to the center. The data may then be converted via a digital network into a format that is optimal for transmission. Data is packaged so that the digital network can be transmitted to the correct location. If various network elements such as routers, firewall systems, VPN tunnels, etc. are correctly deployed, the data then travels through the digital network to its destination. Eventually, the data sent in the original transmission is reassembled into a format that is easy for the recipient to capture.

  This transmission of data over a digital network requires a number of properly deployed elements. When the data is placed on the digital network, for example, a server controlled by United Parcel Service (UPS) (registered trademark), etc., an access point name (APN: APN) corresponding to a specific destination Access Point Name). Gateway GPRS Support Node (GGSN) table, Fixed End System (Router) router table, firewall system, VPN tunnel, and any other number of elements so that it can be successfully communicated to its destination Needs to be properly deployed according to the requirements of the particular digital network.

  It is common for one or more network elements to be improperly deployed, especially when first deploying the element to a new customer. This causes one or more transmission errors, delays in the time to deploy a network for communication, and high deployment costs due to staffing to troubleshoot and resolve transmission problems. Such decentralized maintenance and updates of network elements can also cause extra delay in troubleshooting bugs or connection errors.

  Furthermore, access to elements can also cause valuable data to be misappropriated, so it is a security risk for mobile telecommunications company personnel to gain access to various network elements. Not only misuse of sensitive information such as information on how to connect to private companies' servers, but also improperly disabling elements due to errors, malice, etc. is a security issue that must be taken seriously. Is a true threat. In addition, with the current uncentralized network provisioning system, it is difficult to collect information from various network elements and handle it comprehensively. This is not only for security purposes but also for compliance with laws and regulations. It is becoming increasingly important for automated troubleshooting techniques.

  In view of the above situation in the mobile communications business, a solution is needed that facilitates the deployment and maintenance of access point names and data related to digital transmission, as well as centralized information recording and access control. It is.

  In view of the needs in the mobile communications business identified above, the present invention provides a system, method, and computer that automates the process of deploying and maintaining an APN for use in a digital network such as a GPRS network. Provide a readable medium. Multiple network elements including, but not limited to, GGSN tables, router tables, firewall systems, VPN tunnels, and Home Location Registry (HLR) tables are routed through a centralized system. Can be deployed and maintained. The present invention not only centralizes and logs deployment, maintenance, and access events, but also integrates verification from deployed network elements to enhance security, reporting, and troubleshooting. . The present invention thus ensures accuracy and reduces operational costs for integrating mobile communication systems with digital networks. Other advantages and features of the invention are described below.

  A system and method for automating deployment, maintenance, and information logging related to a custom APN according to the present invention will be further described with reference to the drawings.

  In the following description and drawings, certain specific details are set forth in order to provide a thorough understanding of various embodiments of the invention. However, some well-known details often associated with network, computer, and software technologies are not described in the following disclosure to avoid unnecessarily obscuring the various embodiments of the present invention. . Moreover, those skilled in the art will appreciate that other embodiments of the invention may be practiced even though one or more of the details described below may be missing. Finally, the following disclosure describes various methods in steps and order, such descriptions are provided to provide a clear implementation of embodiments of the present invention. It should not be understood that order is essential to the practice of the invention.

  FIG. 1 illustrates an exemplary environment in which the present invention can be implemented. In a packet-based mobile cellular network such as GPRS, there are a plurality of base station subsystems (BSS: Base Station Subsystem) 100, each of which includes a plurality of base stations (BTS: Base, such as BTS 104, BTS 106, and BTS 108). A base station controller (BSC) serving a transceiver station (BSC) is provided. A base station is an access point that connects a user of a packet-based mobile device to a wireless network. Packet traffic originating from the user equipment is transmitted to the BTS 108 via the air interface, and then transmitted from the BTS 108 to the BSC 102. A base station subsystem such as BSS 100 is part of an internal frame relay network 110 that may include service GPRS support nodes (SGSN) such as SGSN 112 and SGSN 114. Each SGSN is connected to an internal packet network, and the SGSN can transmit and receive data packets to and from a plurality of gateway GPRS support nodes (GGSN) via the network. As shown, SGSN 114 and GGSN 122, GGSN 124, and GGSN 126 are part of internal packet network 120. The gateway GPRS serving node mainly includes an external Internet protocol (IP: Public Land Mobile Network (PLMN), corporate intranet, fixed-end system (FES), or public Internet 130). Internet Protocol) Provides an interface to the network. As shown in the figure, the subscriber company network 140 is connected to the GGSN 124 via the firewall 132, and the PLMN 150 is connected to the GGSN 124 via the boarder gateway router 134. A remote authentication dial-in user service (RADIUS) server 142 is used to authenticate a caller when a user of a mobile cellular device calls the corporate network 140.

  FIG. 2 illustrates an exemplary APN and its user so that the terminology can be understood herein. In the illustrated embodiment, the APN identifies a packet data network (PDN) that is accessible from a GGSN node in a GPRS network (eg, UPS.com). The custom APN may define a dedicated connection between the radio access network (see FIG. 3), the GGSN, and the customer network. In other words, an APN may be a name used by GPRS to route a network to a specific destination through which a specific subscriber passes. It provides performance predictability and Internet independence because the route through which the customer's packet data traffic is routed is predetermined. Another advantage of a custom APN includes security architectural advantages and dedicated IP addresses for customers. As shown, custom APN 270 is utilized when mobile subscriber 244, mobile subscriber 246, and mobile subscriber 248 connect to corporate network 240. Here, as an example, packet data traffic between the end user and the corporate network 240 is routed through the BTS 204, BSC 202, internal frame relay network 210, SGSN 214, internal packet network 220, FES or Internet 230, and firewall 232. introduce. For security purposes, the end-user identifiers are first authenticated by RADIUS server 242 before calls from mobile subscriber 244, mobile subscriber 246, and mobile subscriber 248 can be delivered.

  FIG. 3 shows a typical GPRS network architecture, segmented into four groups: users, radio access networks, backbone networks, and interconnected networks. User 300 has multiple end users, but only mobile subscriber 305 is shown here. The radio access network 310 includes a plurality of base station subsystems such as the BSS 312, and the BSS 312 includes a BTS 314 and a BSC 316. The backbone network 320 includes a number of various network elements, and as shown in the figure, a mobile switching center (MSC) 321, a service control point (SCP) 322, a gateway MSC 323, an SGSN 326, a home location register. (HLR: Home Location Register) 324, an authentication center (AuC) 325, a domain name server (DNS) 327, and a GGSN 328. Interconnect network 330 has a number of different networks and other network elements, as shown, Public Switched Telephone Network (PSTN) 332, Fixed End System (FES) or the Internet. 334, firewall 338, and corporate network 339.

  A mobile switching center can connect to a number of base station controllers. The MSC 321 sorts traffic according to the type of traffic, voice may be sent to the public switched telephone network (PSTN) via a gateway MSC (GMSC) 323, data is sent to the SGSN 326, and the SGSN 326 then The data traffic may be sent to GGSN 328 for forwarding to the destination.

  When the MSC 321 receives call traffic from, for example, the BSC 316, it sends a query to the database contained in the SCP 322. The SCP 322 processes the request and returns a response to the MSC 321 so that call processing can continue appropriately.

  The HLR 324 is a central database for all users registered in the GPRS network. It records static information about the subscriber, such as an International Mobile Subscriber Identity (IMSI), subscription service, and a key for subscriber authentication. The HLR 324 also records dynamic subscriber information such as the mobile phone subscriber's current location. The HLR 324 is accompanied by AuC325. It is a database that holds an algorithm for subscriber authentication and a key necessary for encryption to protect the user input for authentication.

  When a mobile subscriber switches on his mobile device, the mobile device performs an attach process, thereby attaching to the SGSN of the GPRS network. In the following description, the term “mobile subscriber” shall refer to a mobile cellular device used by an end user of a mobile cellular service. In FIG. 3, when the mobile subscriber 305 switches on the mobile device and starts the attach process, an attach request is sent by the mobile subscriber 305 to the SGSN 326. SGSN 326 queries another SGSN to which mobile subscriber 305 was previously attached for the identity of mobile subscriber 305. Upon receiving the mobile subscriber 305 identifier from the other SGSN, the SGSN 326 requests more information from the mobile subscriber 305. This information is used to authenticate the mobile subscriber 305 to the SGSN 326 by the HLR 324. Once confirmed, the SGSN 326 sends a location update to the HLR 324 indicating that the location has changed to the new SGSN. The HLR 324 informs the old SGSN that the mobile subscriber 305 has previously attached to stop location processing for the mobile subscriber 305. The HLR 324 then informs the SGSN 326 that a location update has been performed. At this time, the SGSN 326 transmits an Attach Accept message to the mobile subscriber 305, and the mobile subscriber 305 then transmits an Attach Complete message to the SGSN 326.

  After attaching to the network, the mobile subscriber 305 performs an authentication process. In the authentication process, the SGSN 326 transmits authentication information to the HLR 324, and the HLR 324 returns information to the SGSN 326 based on the user profile that is a part of the user's initial setting value. SGSN 326 then sends a request for authentication and encryption to mobile subscriber 305. The mobile subscriber 305 uses an algorithm to send the user's identifier (ID) and password to the SGSN 326. SGSN 326 uses the same algorithm to compare the results. If so, SGSN 326 authenticates mobile subscriber 305.

  Next, the mobile subscriber 305 establishes a user session with the corporate network 339, which is the destination network, by executing packet data protocol (PDP) activation processing. Briefly, in the process, the mobile subscriber 305 is an APN, eg, UPS. com (eg, the corporate network 329 of FIG. 3), and the SGSN 326 receives an activation request from the mobile subscriber 305. SGSN 326 then determines which GGSN node is UPS. com Inquiries to DNS are started to know if access to APN is possible. The inquiry to the DNS is transmitted to the DNS server in the backbone network 320. For example, DNS 327 that is deployed to map to one or more GGSN nodes in backbone network 320. Based on the APN, the mapped GGSN 328 can access the requested enterprise network 329. SGSN 326 then sends a Create PDP Context Request message containing the necessary information to GGSN 328. The GGSN 328 transmits a Create PDP Context Response (PDP context generation response) message to the SGSN 326, and then the SGSN 326 transmits an Activate PDP Context Accept (PDP context activation approval) message to the mobile subscriber 305.

  Once activated, data packets for calls made by the mobile subscriber 305 are routed through the radio access network 310, backbone network 420, and interconnection network 430, particularly the fixed-end system or Internet 334 and firewall 338, to the corporate network. 439 can be reached.

  Thus, according to the requirements of a specific digital network that requires proper deployment, the network elements that need to be deployed include gateway GPRS support nodes (GGSN), fixed end system router tables, firewall systems, as described in the background art. VPN tunnels and any number of other network elements may be included, but are not limited to these.

  FIG. 4 depicts an exemplary system and method for automating custom APN deployment, maintenance, and information recording. In the illustrated embodiment, multiple authorized operators of a mobile service provider, such as operator 442, operator 444, and operator 446, each have a number of network elements, such as GGSN 428, DNS 427, SGSN 426, HLR 424, etc. can be deployed via a provisioning network (440) and an APN definition control engine (DCE) 450. The DCE 450 is a device, such as a computer server connected to a network, where it may execute software that automatically deploys various network elements. Software execution on the DCE 450 can optionally accommodate any of a number of operating systems such as LINUX, SUN SOLARIS (registered trademark), and WINDOWS (registered trademark), depending on user preferences. Since one of the functions of the DCE 450 is to deploy network elements that deploy custom APNs, the DCE 450 can deploy various network elements that can be deployed in connection with the generation of APNs in a mobile service provider's network, eg, It may be implemented so as to be able to communicate directly or indirectly with GGSN 428, DNS 427, and HLR 424.

  Depending on the level of authorization, each authorized operator 442, operator 444, and operator 446 can deploy some or all of the network elements. For example, operator 442 may be a customer service representative and only authorized to deploy GGSN 428, while operator 444 may be a system engineer, and thus GGSN 428, DNS 427, HLR 424, and other Has authority to deploy network elements. The deployment network 440 illustrates that an operator can directly access the DCE 450 in performing the deployment, but need not. Rather, in some embodiments of the present invention, an operator can access the DCE 450 via the mobile service provider's intranet, and in such a case, the mobile service provider's intranet can be considered as a deployed network 440. it can. An operator can interact with the DCE 450 via a user interface such as a web browser. To access the DCE 450 in such an embodiment, the operator need only point his computer device browser to the DCE 450's network address. When connected to DCE 450, the operator may be prompted to enter his username and password to prevent unauthorized access or as a security measure to determine the appropriate level of authorized access .

  The present invention provides a GUI (Graphical User Interface) for an operator to input deployment information related to a custom APN. Upon receiving the deployment information presented by the operator, the DCE 450 records the information in a centralized log 451 that can be included in the same physical device that hosts the DCE 450, or in a database of a device such as a physically separate database server. To do. The logging of various events performed by or through DCE 450 is shown in connection with FIG. Using the input deployment information and in response to commands from the operator, the DCE 450 communicates with each of the deployed network elements, eg, GGSN 428, DNS 427, HLR 424, and the relevant parameters of those network elements. Is implemented.

  Whenever the operator is logged into the DCE 450, all operations performed by the operator can be logged in the centralized log 451. In addition to operations initiated by the operator, all operations performed by the DCE 450 may be logged in the same centralized log 451. For example, communication with network elements such as GGSN 428, DNS 427, HLR 424, and implementation of deployed parameters. Further, upon implementation of deployed parameters, each deployed network element may return confirmation and status of deployed parameters to DCE 450 for logging to centralized log 451. The date and time when the input was performed may be attached to each log input information so that the date and time when the specific operation or event occurs can be understood by examining the log 451. For example, during troubleshooting, the operator 442 can see the centralized log 451 and can understand the time and order of events that occurred when determining what went wrong.

  FIG. 5 shows a schematic diagram of a user 506 that can associate multiple parameters with an APN using software 500 running on a computer. Software 500 can deploy multiple network elements 501-503 using the parameters. Information such as a user identifier can be recorded in the database 505.

  The software 500 can be executed on a single computer as shown by element 450 in FIG. 4 or can be executed in a distributed configuration, as will be appreciated by those skilled in the art. In some embodiments, software 500 can be accessed by any number of operators, such as user 506, for example, via an intranet or Internet portal. In such embodiments, any available technology that remotely accesses the functionality of software 500 can be utilized.

  The software 500 may allow only limited access to various functions provided by the software 500. Access restrictions reduce the chances of network element 501-503 error or malicious redeployment or deployment errors. Access restrictions also reduce the chances of misappropriating any sensitive data accessible via software 500. In certain restricted access configurations, user 506 may only access certain functions related to a single network element, eg, network element 501, while other users (not shown) may access various other networks. Only the element 502 and the network element 503 may be accessed. Alternatively, a single user 506 may access multiple network elements, including all and all network elements 501-503. Such an embodiment is an advantage of the present invention because access to network elements can be tailored to the specific needs of a given organization.

  Software 500 may provide many combinations of different functions. The deployment function allows software 500 to automatically update network elements 501-503 using parameters entered by the user. The user interface function may allow access to various controls and functions provided by the software 500, and may include the remote access functions described above. In this manner, the combination of the user interface function and the deployment function allows the user to manually update the parameters of the network element 501-503, and subsequently use the parameters entered by the user 506 to use the network element 501-503. 503 can be deployed. For example, if user 506 enters new parameters for a router table to send digital data to a new customer server, software 500 may also have the necessary functionality to access a network element, eg, network element 501. Often, the element may be updated with the new parameters. When multiple network elements 501-503 are included, the software 500 may include drivers, scripts, etc. for updating all of these various elements in order to communicate with elements from various providers. Various types of drivers, scripts, and the like may be included in the software 500. Furthermore, the software 500 may be provided with a technology that enables adaptation to an arbitrary number of communication protocols and the like.

  The maintenance function provided by the software 500 may be an extension of the deployment technology. In this regard, deployed elements 501-503 may be redeployed using a variation of the same functionality that was used to initially deploy elements 501-503. The maintenance function may also include a function that automatically updates parameters for a number of elements, for example, when changing ubiquitously used parameters.

  In some embodiments, software 500 may be extensible as new features may be added to support new network elements. In some embodiments of the present invention, providing a plug-in for software 500 that enables deployment, maintenance, etc. in accordance with the spirit of the present invention may actually depend on the manufacturer of elements 501-503. .

  An information recording function may be included in the software 500. Information recording may log information to the database 505 or other data recording device. A variety of useful data may be automatically logged by software 500 to provide advanced security features, troubleshooting features, and regulatory compliance features. The first type of information that is useful to log is access data. This data reveals which user, for example, user 506 has accessed software 500 and when. Another type of information that is very useful is a deployment event log. Each time a network element, eg, network element 501, is deployed, the software may record that element, the updated parameters, the update time, the customer involved in the update, the user who initiated the update, etc. Various functions may be added to the software 500 to allow information in the log to be searched on a query basis, and a query function may be provided to help troubleshoot specific problems. For example, if you want to know the average time interval between updates for a particular customer, you can enable software 500 to automatically search for such information via the user interface and analyze customer support issues in a sophisticated manner. You may do it.

  Another type of information that may be logged is the implementation status of the various network elements 501-503. This may have various information including information on whether the element has ever failed, and on the state and settings of the element. For example, if an element goes offline, this may be discovered by software 500 and logged. For example, if an element is locally updated by some mechanism that does not involve software 500, this may be logged.

  Regulatory compliance is another benefit of logging. Corporate reports are increasingly being scrutinized and are considered an integral part of operations. Information regarding reporting and customer service provision levels may be retrieved from data in log 505.

  FIG. 6 illustrates an exemplary order of steps for logging information in a log such as log 451 in FIG. 4 or database 505 in FIG. FIG. 6 also shows a general overview of the exemplary operation of the software 500 of FIG. As shown, the step order may begin when the user accesses the system 600. For example, the user may log in to an intranet that allows the user to access the software 500 of FIG. 5, the DCE 450 of FIG. An exemplary initial action to be performed is to log a user access event (601).

  The virtual user may then begin providing one or more parameters to one or more network elements (602). For example, the user interface may allow the user to click on a network element icon corresponding to the element that the software wants to deploy. The user interface may then display an updatable list of parameters for the selected network element. The user may provide new parameters or update parameters for the element.

  When the provision of new parameters is complete, the user may select and indicate a “done” button or the like to indicate that he wishes to deploy the element accordingly. In step 603, the deployment target element can be contacted and updated. This step may typically include establishing a network connection to the element or determining the presence of an open connection to the element. It may also include executing a script that updates the element. Of the various network elements currently in use, most can be deployed to execute scripts and update parameters. For those elements that cannot be deployed by performing such tasks, it may be necessary to replace them with new elements, or otherwise determine techniques for deploying remotely executable elements.

  Note the loop from step 603 to step 601 in FIG. As part of step 603 of deploying elements, actions may be logged at step 601. As long as the user continues to provide new parameters at 602, the element may be deployed and the corresponding information logged. When the user stops inputting new parameters and logs out (604), the logout event is logged (605), and the process ends.

  Finally, it will be appreciated that the various techniques described herein may be implemented in hardware or software, or a combination of both where appropriate. Accordingly, the method and apparatus of the present invention, or certain aspects thereof or portions thereof, may be in a tangible medium such as a floppy disk, CD-ROM, hard drive, or any other machine-readable recording medium. It may take the form of embodied program code (ie, instructions), where when the program code is loaded and executed on a machine such as a computer, the machine becomes an apparatus for implementing the invention. For execution of program code on a programmable computer, the computer device generally includes a processor, a processor-readable recording medium (including volatile and non-volatile memory and / or recording elements), at least one input device , And at least one output device. One or more programs that can implement or utilize the user interface technology of the present invention, for example, through a data processing API, reusable controls, etc., preferably communicate with a computer system, preferably in a high level procedural programming language or Implemented in an object-oriented programming language. However, if necessary, the program can be implemented in assembly language or machine language. In any case, the language may be a compiled or interpreted language and may be combined with a hardware implementation.

  The illustrative embodiments refer to the use of one or more stand-alone computer systems in some situations. The invention is not so limited, but rather may be implemented in combination with any computer environment, such as a network computer or a distributed computer environment. Furthermore, the present invention may be realized by or across a plurality of processing chips or apparatuses, and the recording apparatus may also be realized by a plurality of apparatuses. Such a device may include a personal computer, a network server, a handheld device, a supercomputer, or a computer embedded in another system. Accordingly, the invention is not to be limited to any single embodiment, but is to be construed in breadth and scope in accordance with the claims.

It is a figure which shows the outline | summary of the network environment suitable for the service by embodiment of this invention. It is a figure which shows deployment of custom APN in a network. FIG. 2 illustrates a GPRS network architecture that may incorporate various aspects of the invention. FIG. 2 illustrates an example system and process for automating custom APN deployment, maintenance, and information logging in a GPRS network. FIG. 4 is a schematic diagram of a user 506 that can use computer-implemented software 500 to associate multiple parameters with an APN. FIG. 6 illustrates an exemplary order of steps for logging information to a log such as 451 in FIG. 4 or 505 in FIG. 5.

Claims (37)

An APN definition control engine that enables transmission of mobile communication data to a location within a digital network identified by an access point name (APN),
Means for associating a plurality of parameters used by a backbone network element to deliver mobile communication data via the APN to a plurality of the backbone network elements by an authorized operator;
Means for deploying the backbone network element having the parameters by a computer at the direction of the approved operator;
At least one of a user identifier corresponding to the approved operator, an operation performed by the approved operator, an operation performed by the definition control engine, a core network element affected by the plurality of core network elements One identifier, confirmation and status of deployed parameters returned from the affected backbone network element, data of the operations performed by the authorized operator, and the operations performed by the definition control engine An APN definition control engine comprising: means for logging operation data .   The APN definition control engine according to claim 1, wherein the plurality of backbone network elements includes at least one gateway GPRS support node (GGSN).   The APN definition control engine of claim 1, further comprising means for associating at least one parameter with at least one fixed-end system router by an authorized operator.   The APN definition control engine of claim 1, further comprising means for associating at least one parameter with at least one firewall system by an authorized operator.   The APN definition control engine of claim 1, further comprising means for associating at least one parameter with at least one virtual private network (VPN) tunnel by an authorized operator.   The APN definition control engine of claim 1, further comprising means for associating at least one parameter with at least one gateway support router by an authorized operator.   The APN definition control engine according to claim 6, wherein one of the plurality of parameters is an APN used by the gateway support router.   The APN definition control engine of claim 1, further comprising means for logging an identifier of at least one parameter used to deploy the backbone network element.   The APN definition control engine according to claim 1, further comprising means for receiving status information from at least one network element and means for logging the status information.   The system further comprises means for defining access rights of an authorized operator so that the authorized operator can only perform actions defined by the authorized operator. 2. The APN definition control engine according to 1.   The APN definition control engine of claim 1, wherein said means for logging a user identifier and said means for logging at least one identifier of a backbone network element comprise means for using a centralized database log. .   The APN definition control engine according to claim 1, further comprising means for updating at least one parameter. A method for enabling mobile communication data to be transmitted to a location in a digital network identified by an access point name (APN) comprising:
Associating a plurality of parameters used by a backbone network element to deliver mobile communication data to the APN to a plurality of the backbone network elements by an authorized operator;
Deploying the backbone network element with the parameters by a computer at the direction of the approved operator;
A user identifier corresponding to the approved operator, an operation performed by the approved operator, at least one identifier of a backbone network element affected by the plurality of backbone network elements, the affected backbone Logging the status and status of deployed parameters returned from a network element and the data of the operations performed by the authorized operator .   The method of claim 13, wherein the plurality of backbone network elements comprises at least one gateway GPRS support node (GGSN).   The method of claim 13, further comprising associating at least one parameter with at least one fixed-end system router by an authorized operator.   The method of claim 13, further comprising associating at least one parameter with at least one firewall system by an authorized operator.   The method of claim 13, further comprising associating at least one parameter with at least one virtual private network (VPN) tunnel by an authorized operator.   The method of claim 13, wherein the plurality of backbone network elements comprises at least one home location registry (HLR).   The method of claim 13, further comprising associating at least one parameter with at least one gateway support router by an authorized operator.   The method of claim 19, wherein one of the plurality of parameters is an APN used by the gateway support router.   The method of claim 13, further comprising logging an identifier of at least one parameter used to deploy the backbone network element.   The method of claim 13, further comprising receiving status information from at least one network element and logging the status information.   14. The method of claim 13, further comprising defining access rights of an authorized operator so that the authorized operator can perform only actions defined by the authorized operator. The method described in 1.   The method of claim 13, wherein the step of logging a user identifier and the step of logging at least one identifier of a backbone network element are performed using a centralized database log.   The method of claim 13, further comprising the step of updating at least one parameter. A computer readable recording medium having instructions that enable transmission of mobile communication data to a location within a digital network identified by an access point name (APN), the instructions comprising:
Instructions for associating, by an authorized operator, a plurality of parameters used by a backbone network element to deliver mobile communication data to the APN;
Instructions to deploy a backbone network element having the parameters by a computer at the direction of the authorized operator;
A user identifier corresponding to the approved operator, an operation performed by the approved operator, at least one identifier of a backbone network element affected by the plurality of backbone network elements, the affected backbone A computer-readable recording medium comprising: confirmation and status of deployed parameters returned from a network element, and instructions for logging data of the operation performed by the authorized operator .   27. The computer-readable medium of claim 26, wherein the plurality of backbone network elements comprises at least one gateway GPRS support node (GGSN).   The computer-readable medium of claim 26, further comprising instructions for associating at least one parameter with at least one fixed-end system router by an authorized operator.   The computer-readable medium of claim 26, further comprising instructions for associating at least one parameter with at least one firewall system by an authorized operator.   The computer-readable medium of claim 26, further comprising instructions for associating at least one parameter with at least one virtual private network (VPN) tunnel by an authorized operator.   The computer-readable medium of claim 26, comprising instructions for associating at least one parameter with at least one gateway support router by an authorized operator.   The computer-readable recording medium according to claim 31, wherein one of the plurality of parameters is an APN used by the gateway support router.   The computer-readable medium of claim 26, further comprising instructions for logging an identifier of at least one parameter used to deploy the backbone network element.   27. The computer-readable recording medium of claim 26, further comprising instructions for receiving status information from at least one network element and instructions for logging the status information.   27. The system further comprising: defining an access right of an authorized operator so that the authorized operator can perform only an action defined by the authorized operator. A computer-readable recording medium described in 1.   27. The computer readable medium of claim 26, wherein the instructions for logging a user identifier and the instructions for logging at least one identifier of a backbone network element comprise instructions for logging to a centralized database log. recoding media.   The computer-readable medium of claim 26, further comprising instructions for updating at least one parameter.

Images